> The threat is not limited to politicians. Anyone (including you and your family members) could be blackmailed or otherwise publicly embarrassed.
... for what they actually did.
You think the solution is allowing people to be blackmailed or otherwise publicly embarrassed for things they didn't do, while removing their ability to verify that they didn't do them?
Being gay is not a crime, and yet people can be blackmailed with it. It is very easy to open yourself up to blackmail by perfectly legitimate activities.
True, there are things that might ruin someone's life even though there's nothing bad about them, but the list of actual crimes and bad things that people do is WAY longer, and being able to prove it is definitely useful...
The same argument can be used to build a police state. But I suspect that you’re not in favour that either.
We shouldn’t be building technical systems that “trap” people, just because they might be doing something bad and might want to prove that one day.
Additionally you’re also ignoring the whole “people have the right, to not have their emails stolen” argument. DKIM signatures are only useful if the emails are stolen, are you trying to suggest that it’s ok to steal emails from people if they’re bad?
> Additionally you’re also ignoring the whole “people have the right, to not have their emails stolen” argument
No, just the opposite, that is an excellent argument and I think that the privacy should be the real focus when we discuss the freedom, and not the accountability. Because freedom is not to be able to get away for the lack of evidence, freedom is not to put innocent people in that kind of situation in the first place.
Police state doesn't come from the ability to track citizens, it comes from the lack of transparency and government's misuse of the information. Now, reality is that having more data collecting increases the chances of misuse, but I think we're attacking the problem from the wrong side. Rather than killing the option to track emails, there should be much more control and transparency on when and how that data can be collected and used.
> Being gay is not a crime, and yet people can be blackmailed with it. It is very easy to open yourself up to blackmail by perfectly legitimate activities.
Option 1: DKIM keys stay private... "That email was just a joke, I'm not really gay"
Option 2: DKIM keys go public... "That email was just someone else's joke, I'm not really gay"
Not really a difference, and with option 2 you can't prove you didn't send it (as far as you can prove someone didn't crack 2048 bit RSA and use that power to concern themselves with your sex life).
Being able to prove a fascist dictator who was killing people for being gay, was secretly engaging in gay acts themselves, might help your cause of protecting gay people.
> Being able to prove a fascist dictator who was killing people for being gay, was secretly engaging in gay acts themselves, might help your cause of protecting gay people.
Because the DKIM keys were not made public, and a message sent from their account could be confirmed to be authentic.
If the keys were public, they could claim forgery. Regardless they could claim their account was hacked, but they couldn't deny the message was sent from their account.
I'm not asking how the technical mechanism proves the messages may be legitimate. I'm asking how you could use that knowledge in the specific situation you outlined to accomplish anything productive.
People change over time, and normal human communications have a natural sunset as most people don't remember every conversation in exacting detail. It is worth at least considering the fact that we've signed up to have basically all our communications preserved and cryptographically signed in perpetuity. Most people using these services didn't fully weigh the options.
No. Once DKIM keys are published, one can simply deny all emails published "from their account". We currently have a way for an attacker to prove an email's origin years after the fact.
I'm afraid there's also a misunderstanding how the real world works. Cryptographic and real-world plausibility are two entirely different things.
People get blackmailed, shamed, hurt and even killed over mere rumors, speculations and suspicions. As long as people believe in something (because something merely look plausible), there's no need for a fancy crypto to prove some machine sent some email. I'd dare to say most people don't even understand what cryptography is and what digital signatures really are (who signs what and what exactly this means).
I'm yet to hear a story of, let's say, a brave dissident who got out of jail because of cryptographic plausible deniability property making their oppressors unable to prove authenticity of some leaked or intercepted correspondence.
Read up on the Hunter Biden emails. After a DKIM signature was verified, the perception of a large number of people (including right here on HN) went from "this cache of email is probably total fiction" to "they likely do have access to at least some of his emails".
They don’t have plausible evidence anyway. Gmail has had bugs before with SPF/DKIM and will have some again for sure.
Some google employees have direct and indirect access to signing keys or writing emails. Not many, and they have good controls, but still many people with the ability to sign messages.
Not to mention a Trojan infiltration or account takeover, of which thousands (if not millions) a day occur.
The DKIM evidence is, for legal purposes, a good hint but far from proof.
In the court of public opinion, the standard is not "100% proven beyond any reasonable doubt". Hence, blackmail can still be very effective if an accusation is highly plausible.
I am not sure why the DKIM for all emails were not released, or why this did not catch more media coverage by other news organizations I consider more reliable (like NYT).
Thank you for this link, this did not come across my radar.
From your link:
> The only way the email could have been faked is if someone hacked into Google's servers, found the private key, and used it to reverse engineer the email's DKIM signature, Graham, said.
https://www.zdnet.com/article/google-fixes-major-gmail-bug-s... is from Aug 2020 and discusses an SPF/DMARC vulnerability that was in Google since forever (and though reported 4 months before public disclosure, was fixed only 7 hours after public disclosure). The last google DKIM bug I'm aware of was in 2012, so I can't counter the specific claim about DKIM with evidence, but the assertion that "the only way to spoof x is to hack and get the private key" is not any absolute truth.
(P.S: I have seen no denial nor confirmation about the authenticity of the Hunter Biden data - only claims of Russian involvement. Make of that what you will. The DKIM is circumstantial data until there is confirmation or denial - especially, as you say, it's not all released).
Sure, you raise very important points. I just found it weird that NYPost was happy just releasing the emails and not the DKIM, and when one was validated, it received literally no coverage. I thought it might catch steam after the election, but the literal silence is surprising to me.
I am not insinuating any wrongdoing from anyone, just bringing it to your attention, as you claimed to not know about it.
Thank you. I indeed did not know about it. I do try to read all sides, but this did not come on my radar (Though I did not, before you posted this, google DKIM+Biden, I did read tens of articles about those emails mostly from republican leaning outlets, and it wasn't mentioned in any of those I read).
But it does support my thesis that DKIM or no DKIM is not what gives (or doesn't give) any credence to the authenticity (or lack of it) -- here we have a high profile case, with DKIM validation (which a lot of people on this thread cleim "is considered proof by people who don't understand it") and it seems to make no difference even in the court of public opinion - those who accepted it, accpeted it without DKIM, and those who rejected it as russian disinformation, rejected it even with DKIM.
I just did, and I have less than 15 related results in the first 4 pages, only two of which are sources I've ever heard of before (washingtonexaminer and nypost). I'm logged out of google, but it's been a while since I deleted my cookies.
I've read literally hundreds of pieces on the hunter biden laptop, about half of them from republican leaning outlets, (I try to keep a balanced diet....) and none of them mentioned DKIM validation.
(For the record: I don't live in the US, I don't watch television, but I do try to keep a balanced news diet)
Huh? No one (including yourself), have mentioned anything about "destruction of evidence" so far. If you care to enlighten me about how it's relevant I'm happy to listen.
By making the DKIM keys public, you are converting solid evidence of something that was said into something that was either really said, or someone else pretended that they said.
No, destruction of evidence involves things like making something impossible to analyze and evaluate. Publication of a key doesn't erase the original messages and does not make it impossible to look into their contents to try to establish authencity by external means. Causing ambiguity is not destruction of evidence.
That would be an act of submitting false evidence, where you actively make a false claim regarding who the sample belongs to.
Which is very distinctly different from a passive act of not maintaining evidence of the origin of every single thing. Keep in mind that no data is altered - the equivalent of all collected samples remaining intact.
It's still just as possible to collect email logs, their contents do not magically dissappear. They would have to be actively manipulated by the party which holds the copy that would be provided to the police (either reported to them or confiscated, etc). That same party could already decide to delete the emails or strip signatures and then alter them.
Would you mind taking a look at this explanation I posted a couple days ago? https://news.ycombinator.com/item?id=25130956 It is my attempt to explain why we don't want users to flame each other here, even when the other person is ignorant or wrong. The reason may be different than you think, in which case perhaps it will have some persuasive power for you. I hope so anyhow.
>But there are many different ways to stick up for the truth
Whoa. Dang, I have to say, I feel a little slighted. I'm neither ignorant, nor wrong, and I'm aghast that you would insinuate that.
I've contributed faithfully to this site for a decade. The other commenter has -15 karma because, as you noticed, his comments are largely childish, combative and unsubstantive. It's embarrassing that you are validating him.
His claim was that Google publishing DKIM keys as described in the article would be "destruction of evidence", but that's provably untrue since there would be neither intent or willfull neglect on anyones part.
Literally (yes, I mean literally) no-one else here on HN, or anywhere on the internet, has legitimately attempted to argue this. It just doesn't hold up to basic scrutiny. "Destruction of evidence" is a very specific legal term with very specific meaning [0][1][2]. He seems to be distorting it in a Guilianni-esque fashion - "It's fraud! ....But no, your honor, not in the legal sense. More like in my own made-up imaginary sense!".
I've been restrained and as courteous as possible (under the circumstances), but even after you tried to squash the thread, and I stopped commenting, he's continued to insult me. You seem to be tolerating it.
I would have appreciated it if you enforced sanctions against obviously bad actors and remained completely neutral. That is what you're known for, but I respectful think you've failed in this case. At any rate, I know you have just about the hardest job on the internet, so I'll go ahead and chalk this up to misunderstanding.
None of those phrases imply that you were ignorant or wrong. They're simply saying that even if the other person is correct in their position, it doesn't justify breaking the site guidelines.
This is a way of pre-empting the objection "But the other person is wrong and I'm right", which otherwise is the most common reaction to getting moderated. Since the moderation issue is about how people treat each other rather than how right or wrong they are, it's helpful to take it off the table in this way. If you think about it, it's a way of raising the bar for behavior on HN and in that respect is a stronger moderation reaction, not a weaker one.
I am careful, when using such phrases, never to actually take a side on the issue of rightness or wrongness. Remember that in every argument, the other person considers that they are the one who is right; moderating like this is a way of temporarily standing beside them from that perspective and pointing out that nevertheless, they should not have broken the rules. (An exception might be if I happen to personally know the truth about the point under dispute. But I know nothing about DKIM; I barely remember what it is.)
But there are many different ways to stick up for the truth, and some have positive side effects and some not—hammering people over the head, for example. The side effects are actually more important.
... for what they actually did.
You think the solution is allowing people to be blackmailed or otherwise publicly embarrassed for things they didn't do, while removing their ability to verify that they didn't do them?